Policy Hardening, and Why Your Security Posture Should Evolve With Your Business Needs
When’s the last time you finished a project — say, implementing a new cloud integration — without any hiccups or surprises? If you’ve accomplished this recently, congratulations (and please teach me how you did it)! If you haven’t, you’re in good company.
According to Duo’s cloud data provider, our average mid-market customer manages 20 application integrations in their environment. Controlling this access throughout your environment and ensuring the right people get the right access at the right time is incredibly difficult. That’s a key factor in why Gartner’s CARTA model emphasizes how important it is to “continuously discover, monitor, assess, and prioritize risk — proactively and reactively.” So what are we to do in the face of this complexity?
Let’s start with the basics. Your security posture must be designed to serve business access needs within your specific risk context. But business needs and risk environments are constantly changing. Given the changing landscape, you must constantly evaluate and readjust your access policies and posture. That’s where machine learning tools come in, like Trust Monitor, which can identify and flag anomalous events for you to review, providing the context necessary to understand an event’s impact for your unique scenario. From here, you can remediate the event and fine-tune your policy.
Trust Monitor helps you gain visibility by leveraging Duo's enriched, historical authentication data, shedding light on what's normal, and what’s atypical, as users and devices access your corporate environment. Understanding anomalous access enables you to harden security posture as well as policy; detect and remediate access risk; and step access requirements up (or down) accordingly. Because it operates on carefully calibrated machine learning models, Trust Monitor can continuously react to changes without your manual input.
What does this look like in practice? The general process is like this, while Trust Monitor runs in the background:
- Because of your business needs and risk environment, you set up a new application, protected by Duo.
- Something changes, either among your business needs or your risk environment. This could be as significant as the shift to remote work brought on by the COVID-19 pandemic, or as routine as onboarding a new contractor or introducing a new application.
- Trust Monitor continually trains itself on what “normal” looks like in your environment. When it finds that something has changed, it creates a new definition of what “anomalous” behavior looks like.
- This new anomaly is flagged for review, you’re able to fix the environment, and your company’s security posture is better off for it.
Since releasing Trust Monitor earlier this year, we’ve heard dozens of stories from our customers about how Trust Monitor has helped them improve policy. At Duo, we call this “policy hardening,” and we think it’s an important practice for good security hygiene. Let’s take a quick look at some of these policy hardening success stories:
Securing a National Retailer's Storefronts
A national retailer rolled out updated multi-factor authentication (MFA) policies. They implemented these new policies starting with the Security team, followed by the IT team, and finally to headquarters and in-store teams. However, due to a misconfiguration in their Identity and Access Management system, a retail store was included in this rollout and enabled with MFA before the team was properly trained. Trust Monitor spotted the anomalous access from the improperly enrolled store, and the retailer was able to fix the misconfiguration before it negatively impacted their Sales team.
Enforcing a Law Firm’s Client Data Protections
A mid-sized law firm has a strict set of company guidelines and information security protocols implemented in order to prevent customer data from leaving the country. Trust Monitor has been invaluable to them as they maintain visibility of what information is accessed where — and, more importantly, when access to data is attempted from out of compliance. This awareness empowers them to shore up their data governance and policy enforcement.
Allowing Access as Needed for a Healthcare Provider
A healthcare provider has critical patient information that needs to be shared with third-party providers, insurers and other interested parties. Because of the uncompromising requirements they have for patient health data, they set a strict global policy limiting access outside of the US. However, business requirements changed, and they contracted with an international supplier.
Trust Monitor flagged these access attempts for review, giving the healthcare provider an understanding of where their sensitive patient information was being used. The company updated their blanket policy to be more granular in allowing access from partner locations, but not too broadly across other regions. Because of Trust Monitor, the company was able to find the right balance of access and security for their business needs.
Each of these Duo customers has a complex IT environment, security concerns and risks, and business needs that must be met — and each of these environments, concerns, risks and needs are changing. Trust Monitor has proven to be useful to these customers in understanding their environment as it evolves and continuing to serve their customers and employees with the convenience and security that they need to get their work done.
- Learn more about Trust Monitor in our documentation
- See for yourself by trying a demo of Trust Monitor
- Contact our Sales team for additional information
Try Duo for Free
Want to test it out before you buy? Try Duo for free using our 30-day trial and get used to being secure from anywhere at any time.